Vulnerable WordPress Plugins Report for the Week of March 15, 2019

Vulnerable Plugins

There are eleven items on the list this week, with three unfixed. The most critical this week are the Sensitive Information Disclosure/Authenticated Arbitrary File Read vulnerability in Caldera Forms Pro, and the Privilege Escalation vulnerability in SiteGround Optimizer. Both issues were discovered by Sucuri.

Other WordPress Security News

Earlier this week, WordPress released version 5.1.1 (and similar updates for branches all the way back to 3.7) which contained a crucial security update related to a stored cross-site scripting vulnerability in the comments. Simon Scannell from RIPSTech discovered the issue and has provided a detailed explanation of the issue. If you have not already done so, you need to update your WordPress instances immediately.